Return-Path: X-Original-To: apmail-cloudstack-commits-archive@www.apache.org Delivered-To: apmail-cloudstack-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 0840111D67 for ; Mon, 13 May 2013 17:42:44 +0000 (UTC) Received: (qmail 25101 invoked by uid 500); 13 May 2013 15:53:23 -0000 Delivered-To: apmail-cloudstack-commits-archive@cloudstack.apache.org Received: (qmail 25020 invoked by uid 500); 13 May 2013 15:53:23 -0000 Mailing-List: contact commits-help@cloudstack.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cloudstack.apache.org Delivered-To: mailing list commits@cloudstack.apache.org Received: (qmail 24880 invoked by uid 99); 13 May 2013 15:53:22 -0000 Received: from tyr.zones.apache.org (HELO tyr.zones.apache.org) (140.211.11.114) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 13 May 2013 15:53:22 +0000 Received: by tyr.zones.apache.org (Postfix, from userid 65534) id 1230F88F769; Mon, 13 May 2013 15:53:22 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: muralireddy@apache.org To: commits@cloudstack.apache.org Date: Mon, 13 May 2013 15:53:27 -0000 Message-Id: <6ba49a19730f4df9baa3f80ae6bc87c3@git.apache.org> In-Reply-To: <3dd7f1ce499f4ed180dff4676f352f9b@git.apache.org> References: <3dd7f1ce499f4ed180dff4676f352f9b@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: [07/93] [abbrv] [partial] merge master http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c11dbad9/engine/schema/src/com/cloud/network/rules/dao/PortForwardingRulesDaoImpl.java ---------------------------------------------------------------------- diff --git a/engine/schema/src/com/cloud/network/rules/dao/PortForwardingRulesDaoImpl.java b/engine/schema/src/com/cloud/network/rules/dao/PortForwardingRulesDaoImpl.java new file mode 100644 index 0000000..cc780cb --- /dev/null +++ b/engine/schema/src/com/cloud/network/rules/dao/PortForwardingRulesDaoImpl.java @@ -0,0 +1,162 @@ +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. +package com.cloud.network.rules.dao; + +import java.util.List; + +import javax.ejb.Local; +import javax.inject.Inject; + +import org.springframework.stereotype.Component; + +import com.cloud.network.dao.FirewallRulesCidrsDao; +import com.cloud.network.dao.FirewallRulesCidrsDaoImpl; +import com.cloud.network.rules.FirewallRule.Purpose; +import com.cloud.network.rules.FirewallRule.State; +import com.cloud.network.rules.PortForwardingRuleVO; + +import com.cloud.utils.db.GenericDaoBase; +import com.cloud.utils.db.SearchBuilder; +import com.cloud.utils.db.SearchCriteria; +import com.cloud.utils.db.SearchCriteria.Op; +import com.cloud.vm.dao.NicSecondaryIpVO; + +@Component +@Local(value=PortForwardingRulesDao.class) +public class PortForwardingRulesDaoImpl extends GenericDaoBase implements PortForwardingRulesDao { + + protected final SearchBuilder AllFieldsSearch; + protected final SearchBuilder ApplicationSearch; + protected final SearchBuilder ActiveRulesSearch; + protected final SearchBuilder AllRulesSearchByVM; + protected final SearchBuilder ActiveRulesSearchByAccount; + + @Inject protected FirewallRulesCidrsDao _portForwardingRulesCidrsDao; + + protected PortForwardingRulesDaoImpl() { + super(); + AllFieldsSearch = createSearchBuilder(); + AllFieldsSearch.and("id", AllFieldsSearch.entity().getId(), Op.EQ); + AllFieldsSearch.and("state", AllFieldsSearch.entity().getState(), Op.EQ); + AllFieldsSearch.and("ipId", AllFieldsSearch.entity().getSourceIpAddressId(), Op.EQ); + AllFieldsSearch.and("protocol", AllFieldsSearch.entity().getProtocol(), Op.EQ); + AllFieldsSearch.and("networkId", AllFieldsSearch.entity().getNetworkId(), Op.EQ); + AllFieldsSearch.and("vmId", AllFieldsSearch.entity().getVirtualMachineId(), Op.EQ); + AllFieldsSearch.and("purpose", AllFieldsSearch.entity().getPurpose(), Op.EQ); + AllFieldsSearch.and("dstIp", AllFieldsSearch.entity().getDestinationIpAddress(), Op.EQ); + AllFieldsSearch.done(); + + ApplicationSearch = createSearchBuilder(); + ApplicationSearch.and("ipId", ApplicationSearch.entity().getSourceIpAddressId(), Op.EQ); + ApplicationSearch.and("state", ApplicationSearch.entity().getState(), Op.NEQ); + ApplicationSearch.and("purpose", ApplicationSearch.entity().getPurpose(), Op.EQ); + ApplicationSearch.done(); + + + ActiveRulesSearch = createSearchBuilder(); + ActiveRulesSearch.and("ipId", ActiveRulesSearch.entity().getSourceIpAddressId(), Op.EQ); + ActiveRulesSearch.and("networkId", ActiveRulesSearch.entity().getNetworkId(), Op.EQ); + ActiveRulesSearch.and("state", ActiveRulesSearch.entity().getState(), Op.NEQ); + ActiveRulesSearch.and("purpose", ActiveRulesSearch.entity().getPurpose(), Op.EQ); + ActiveRulesSearch.done(); + + AllRulesSearchByVM = createSearchBuilder(); + AllRulesSearchByVM.and("vmId", AllRulesSearchByVM.entity().getVirtualMachineId(), Op.EQ); + AllRulesSearchByVM.and("purpose", AllRulesSearchByVM.entity().getPurpose(), Op.EQ); + AllRulesSearchByVM.done(); + + ActiveRulesSearchByAccount = createSearchBuilder(); + ActiveRulesSearchByAccount.and("accountId", ActiveRulesSearchByAccount.entity().getAccountId(), Op.EQ); + ActiveRulesSearchByAccount.and("state", ActiveRulesSearchByAccount.entity().getState(), Op.NEQ); + ActiveRulesSearchByAccount.and("purpose", ActiveRulesSearchByAccount.entity().getPurpose(), Op.EQ); + ActiveRulesSearchByAccount.done(); + } + + @Override + public List listForApplication(long ipId) { + SearchCriteria sc = ApplicationSearch.create(); + sc.setParameters("ipId", ipId); + sc.setParameters("state", State.Staged); + sc.setParameters("purpose", Purpose.PortForwarding); + + return listBy(sc, null); + } + + @Override + public List listByVm(Long vmId) { + SearchCriteria sc = AllRulesSearchByVM.create(); + sc.setParameters("vmId", vmId); + sc.setParameters("purpose", Purpose.PortForwarding); + + return listBy(sc, null); + } + + @Override + public List listByIpAndNotRevoked(long ipId) { + SearchCriteria sc = ActiveRulesSearch.create(); + sc.setParameters("ipId", ipId); + sc.setParameters("state", State.Revoke); + sc.setParameters("purpose", Purpose.PortForwarding); + + return listBy(sc, null); + } + + @Override + public List listByNetworkAndNotRevoked(long networkId) { + SearchCriteria sc = ActiveRulesSearch.create(); + sc.setParameters("networkId", networkId); + sc.setParameters("state", State.Revoke); + sc.setParameters("purpose", Purpose.PortForwarding); + + return listBy(sc, null); + } + + @Override + public List listByIp(long ipId) { + SearchCriteria sc = AllFieldsSearch.create(); + sc.setParameters("ipId", ipId); + sc.setParameters("purpose", Purpose.PortForwarding); + + return listBy(sc, null); + } + + @Override + public List listByNetwork(long networkId) { + SearchCriteria sc = AllFieldsSearch.create(); + sc.setParameters("networkId", networkId); + sc.setParameters("purpose", Purpose.PortForwarding); + + return listBy(sc); + } + + @Override + public List listByAccount(long accountId) { + SearchCriteria sc = ActiveRulesSearchByAccount.create(); + sc.setParameters("accountId", accountId); + sc.setParameters("state", State.Revoke); + sc.setParameters("purpose", Purpose.PortForwarding); + + return listBy(sc); + } + @Override + public List listByDestIpAddr(String ip4Address) { + SearchCriteria sc = AllFieldsSearch.create(); + sc.setParameters("dstIp", ip4Address); + return listBy(sc); + } + +} http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c11dbad9/engine/schema/src/com/cloud/network/security/SecurityGroupRuleVO.java ---------------------------------------------------------------------- diff --git a/engine/schema/src/com/cloud/network/security/SecurityGroupRuleVO.java b/engine/schema/src/com/cloud/network/security/SecurityGroupRuleVO.java new file mode 100644 index 0000000..f01b50f --- /dev/null +++ b/engine/schema/src/com/cloud/network/security/SecurityGroupRuleVO.java @@ -0,0 +1,167 @@ +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. +package com.cloud.network.security; + +import java.util.UUID; + +import javax.persistence.Column; +import javax.persistence.Entity; +import javax.persistence.EnumType; +import javax.persistence.Enumerated; +import javax.persistence.GeneratedValue; +import javax.persistence.GenerationType; +import javax.persistence.Id; +import javax.persistence.Table; + +import com.cloud.async.AsyncInstanceCreateStatus; +import com.google.gson.annotations.Expose; +import org.apache.cloudstack.api.InternalIdentity; + +@Entity +@Table(name = ("security_group_rule")) +public class SecurityGroupRuleVO implements SecurityRule { + @Id + @GeneratedValue(strategy = GenerationType.IDENTITY) + @Column(name = "id") + private long id; + + @Column(name = "security_group_id") + private long securityGroupId; + + @Column(name = "start_port") + private int startPort; + + @Column(name = "end_port") + private int endPort; + + @Column(name = "type") + private String type; + + @Column(name = "protocol") + private String protocol; + + @Column(name = "allowed_network_id", nullable = true) + private Long allowedNetworkId = null; + + @Column(name = "allowed_ip_cidr", nullable = true) + private String allowedSourceIpCidr = null; + + @Expose + @Column(name = "create_status", updatable = true, nullable = false) + @Enumerated(value = EnumType.STRING) + private AsyncInstanceCreateStatus createStatus; + + @Column(name = "uuid") + private String uuid; + + public SecurityGroupRuleVO() { + this.uuid = UUID.randomUUID().toString(); + } + + public SecurityGroupRuleVO(SecurityRuleType type,long securityGroupId, int fromPort, int toPort, String protocol, long allowedNetworkId ) { + this.securityGroupId = securityGroupId; + this.startPort = fromPort; + this.endPort = toPort; + this.protocol = protocol; + this.allowedNetworkId = allowedNetworkId; + this.uuid = UUID.randomUUID().toString(); + if (type == SecurityRuleType.IngressRule) { + this.type = SecurityRuleType.IngressRule.getType(); + } else { + this.type = SecurityRuleType.EgressRule.getType(); + } + } + + public SecurityGroupRuleVO(SecurityRuleType type,long securityGroupId, int fromPort, int toPort, String protocol, String allowedIpCidr) { + this.securityGroupId = securityGroupId; + this.startPort = fromPort; + this.endPort = toPort; + this.protocol = protocol; + this.allowedSourceIpCidr = allowedIpCidr; + this.uuid = UUID.randomUUID().toString(); + if (type == SecurityRuleType.IngressRule) { + this.type = SecurityRuleType.IngressRule.getType(); + } else { + this.type = SecurityRuleType.EgressRule.getType(); + } + } + + @Override + public long getId() { + return id; + } + + @Override + public String getType() { + return type; + } + + @Override + public long getSecurityGroupId() { + return securityGroupId; + } + + public SecurityRuleType getRuleType() { + if ("ingress".equalsIgnoreCase(this.type)) + return SecurityRuleType.IngressRule; + else + return SecurityRuleType.EgressRule; + } + + @Override + public int getStartPort() { + return startPort; + } + + @Override + public int getEndPort() { + return endPort; + } + + @Override + public String getProtocol() { + return protocol; + } + + @Override + public AsyncInstanceCreateStatus getCreateStatus() { + return createStatus; + } + + public void setCreateStatus(AsyncInstanceCreateStatus createStatus) { + this.createStatus = createStatus; + } + + @Override + public Long getAllowedNetworkId() { + return allowedNetworkId; + } + + @Override + public String getAllowedSourceIpCidr() { + return allowedSourceIpCidr; + } + + @Override + public String getUuid() { + return this.uuid; + } + + public void setUuid(String uuid) { + this.uuid = uuid; + } +} http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c11dbad9/engine/schema/src/com/cloud/network/security/SecurityGroupRulesVO.java ---------------------------------------------------------------------- diff --git a/engine/schema/src/com/cloud/network/security/SecurityGroupRulesVO.java b/engine/schema/src/com/cloud/network/security/SecurityGroupRulesVO.java new file mode 100644 index 0000000..c74152e --- /dev/null +++ b/engine/schema/src/com/cloud/network/security/SecurityGroupRulesVO.java @@ -0,0 +1,169 @@ +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. +package com.cloud.network.security; + +import javax.persistence.Column; +import javax.persistence.Entity; +import javax.persistence.GeneratedValue; +import javax.persistence.GenerationType; +import javax.persistence.Id; +import javax.persistence.PrimaryKeyJoinColumn; +import javax.persistence.SecondaryTable; +import javax.persistence.Table; + +import com.cloud.network.security.SecurityRule.SecurityRuleType; +import com.cloud.utils.db.JoinType; +import org.apache.cloudstack.api.InternalIdentity; + +@Entity +@Table(name = ("security_group")) +@JoinType(type = "left") +@SecondaryTable(name = "security_group_rule", pkJoinColumns = { @PrimaryKeyJoinColumn(name = "id", referencedColumnName = "security_group_id") }) +public class SecurityGroupRulesVO implements SecurityGroupRules { + @Id + @GeneratedValue(strategy = GenerationType.IDENTITY) + @Column(name = "id") + private long id; + + @Column(name = "name") + private String name; + + @Column(name = "description") + private String description; + + @Column(name = "domain_id") + private Long domainId; + + @Column(name = "account_id") + private Long accountId; + + @Column(name = "id", table = "security_group_rule", insertable = false, updatable = false) + private Long ruleId; + + @Column(name = "uuid", table = "security_group_rule", insertable = false, updatable = false) + private String ruleUuid; + + @Column(name = "start_port", table = "security_group_rule", insertable = false, updatable = false) + private int startPort; + + @Column(name = "end_port", table = "security_group_rule", insertable = false, updatable = false) + private int endPort; + + @Column(name = "protocol", table = "security_group_rule", insertable = false, updatable = false) + private String protocol; + + @Column(name = "type", table = "security_group_rule", insertable = false, updatable = false) + private String type; + + @Column(name = "allowed_network_id", table = "security_group_rule", insertable = false, updatable = false, nullable = true) + private Long allowedNetworkId = null; + + @Column(name = "allowed_ip_cidr", table = "security_group_rule", insertable = false, updatable = false, nullable = true) + private String allowedSourceIpCidr = null; + + public SecurityGroupRulesVO() { + } + + public SecurityGroupRulesVO(long id) { + this.id = id; + } + + public SecurityGroupRulesVO(long id, String name, String description, Long domainId, Long accountId, Long ruleId, String ruleUuid, int startPort, int endPort, String protocol, Long allowedNetworkId, + String allowedSourceIpCidr) { + this.id = id; + this.name = name; + this.description = description; + this.domainId = domainId; + this.accountId = accountId; + this.ruleId = ruleId; + this.ruleUuid = ruleUuid; + this.startPort = startPort; + this.endPort = endPort; + this.protocol = protocol; + this.allowedNetworkId = allowedNetworkId; + this.allowedSourceIpCidr = allowedSourceIpCidr; + } + + @Override + public long getId() { + return id; + } + + @Override + public String getName() { + return name; + } + + @Override + public String getDescription() { + return description; + } + + @Override + public Long getDomainId() { + return domainId; + } + + @Override + public Long getAccountId() { + return accountId; + } + + @Override + public Long getRuleId() { + return ruleId; + } + + @Override + public String getRuleUuid() { + return ruleUuid; + } + + @Override + public int getStartPort() { + return startPort; + } + + @Override + public int getEndPort() { + return endPort; + } + + @Override + public String getProtocol() { + return protocol; + } + + @Override + public SecurityRuleType getRuleType() { + if ("ingress".equalsIgnoreCase(this.type)) { + return SecurityRuleType.IngressRule; + } else { + return SecurityRuleType.EgressRule; + } + } + + @Override + public Long getAllowedNetworkId() { + return allowedNetworkId; + } + + @Override + public String getAllowedSourceIpCidr() { + return allowedSourceIpCidr; + } +} http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c11dbad9/engine/schema/src/com/cloud/network/security/SecurityGroupVMMapVO.java ---------------------------------------------------------------------- diff --git a/engine/schema/src/com/cloud/network/security/SecurityGroupVMMapVO.java b/engine/schema/src/com/cloud/network/security/SecurityGroupVMMapVO.java new file mode 100644 index 0000000..75bde33 --- /dev/null +++ b/engine/schema/src/com/cloud/network/security/SecurityGroupVMMapVO.java @@ -0,0 +1,89 @@ +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. +package com.cloud.network.security; + +import javax.persistence.Column; +import javax.persistence.Entity; +import javax.persistence.GeneratedValue; +import javax.persistence.GenerationType; +import javax.persistence.Id; +import javax.persistence.PrimaryKeyJoinColumn; +import javax.persistence.SecondaryTable; +import javax.persistence.SecondaryTables; +import javax.persistence.Table; + +import com.cloud.vm.VirtualMachine.State; +import org.apache.cloudstack.api.InternalIdentity; + +@Entity +@Table(name = ("security_group_vm_map")) +@SecondaryTables({ @SecondaryTable(name = "nics", pkJoinColumns = { @PrimaryKeyJoinColumn(name = "instance_id", referencedColumnName = "instance_id") }), + @SecondaryTable(name = "vm_instance", pkJoinColumns = { @PrimaryKeyJoinColumn(name = "instance_id", referencedColumnName = "id") }), + @SecondaryTable(name = "security_group", pkJoinColumns = { @PrimaryKeyJoinColumn(name = "security_group_id", referencedColumnName = "id") }) }) +public class SecurityGroupVMMapVO implements InternalIdentity { + @Id + @GeneratedValue(strategy = GenerationType.IDENTITY) + @Column(name = "id") + private Long id; + + @Column(name = "security_group_id") + private long securityGroupId; + + @Column(name = "instance_id") + private long instanceId; + + @Column(name = "ip4_address", table = "nics", insertable = false, updatable = false) + private String guestIpAddress; + + @Column(name = "state", table = "vm_instance", insertable = false, updatable = false) + private State vmState; + + @Column(name = "name", table = "security_group", insertable = false, updatable = false) + private String groupName; + + public SecurityGroupVMMapVO() { + } + + public SecurityGroupVMMapVO(long securityGroupId, long instanceId) { + this.securityGroupId = securityGroupId; + this.instanceId = instanceId; + } + + public long getId() { + return id; + } + + public long getSecurityGroupId() { + return securityGroupId; + } + + public String getGuestIpAddress() { + return guestIpAddress; + } + + public long getInstanceId() { + return instanceId; + } + + public State getVmState() { + return vmState; + } + + public String getGroupName() { + return groupName; + } +} http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c11dbad9/engine/schema/src/com/cloud/network/security/SecurityGroupVO.java ---------------------------------------------------------------------- diff --git a/engine/schema/src/com/cloud/network/security/SecurityGroupVO.java b/engine/schema/src/com/cloud/network/security/SecurityGroupVO.java new file mode 100644 index 0000000..be7c593 --- /dev/null +++ b/engine/schema/src/com/cloud/network/security/SecurityGroupVO.java @@ -0,0 +1,99 @@ +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. +package com.cloud.network.security; + +import java.util.UUID; + +import javax.persistence.Column; +import javax.persistence.Entity; +import javax.persistence.GeneratedValue; +import javax.persistence.GenerationType; +import javax.persistence.Id; +import javax.persistence.Table; + +import org.apache.cloudstack.api.Identity; +import org.apache.cloudstack.api.InternalIdentity; + +@Entity +@Table(name = ("security_group")) +public class SecurityGroupVO implements SecurityGroup { + @Id + @GeneratedValue(strategy = GenerationType.IDENTITY) + @Column(name = "id") + private long id; + + @Column(name = "name") + private String name; + + @Column(name = "description") + private String description; + + @Column(name = "domain_id") + private long domainId; + + @Column(name = "account_id") + private long accountId; + + @Column(name = "uuid") + private String uuid; + + public SecurityGroupVO() { + this.uuid = UUID.randomUUID().toString(); + } + + public SecurityGroupVO(String name, String description, long domainId, long accountId) { + this.name = name; + this.description = description; + this.domainId = domainId; + this.accountId = accountId; + this.uuid = UUID.randomUUID().toString(); + } + + @Override + public long getId() { + return id; + } + + @Override + public String getName() { + return name; + } + + @Override + public String getDescription() { + return description; + } + + @Override + public long getDomainId() { + return domainId; + } + + @Override + public long getAccountId() { + return accountId; + } + + @Override + public String getUuid() { + return this.uuid; + } + + public void setUuid(String uuid) { + this.uuid = uuid; + } +} http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c11dbad9/engine/schema/src/com/cloud/network/security/SecurityGroupWork.java ---------------------------------------------------------------------- diff --git a/engine/schema/src/com/cloud/network/security/SecurityGroupWork.java b/engine/schema/src/com/cloud/network/security/SecurityGroupWork.java new file mode 100644 index 0000000..e50f3eb --- /dev/null +++ b/engine/schema/src/com/cloud/network/security/SecurityGroupWork.java @@ -0,0 +1,40 @@ +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. +package com.cloud.network.security; + +import org.apache.cloudstack.api.InternalIdentity; + +/** + * Work related to security groups for a vm + * + */ +public interface SecurityGroupWork { + + public enum Step { + Scheduled, + Processing, + Done, + Error + } + + Long getInstanceId(); + Long getLogsequenceNumber(); + Step getStep(); + void setStep(Step step); + public abstract void setLogsequenceNumber(Long logsequenceNumber); + +} http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c11dbad9/engine/schema/src/com/cloud/network/security/SecurityGroupWorkVO.java ---------------------------------------------------------------------- diff --git a/engine/schema/src/com/cloud/network/security/SecurityGroupWorkVO.java b/engine/schema/src/com/cloud/network/security/SecurityGroupWorkVO.java new file mode 100644 index 0000000..33d30fb --- /dev/null +++ b/engine/schema/src/com/cloud/network/security/SecurityGroupWorkVO.java @@ -0,0 +1,135 @@ +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. +package com.cloud.network.security; + +import java.util.Date; + +import javax.persistence.Column; +import javax.persistence.Entity; +import javax.persistence.EnumType; +import javax.persistence.Enumerated; +import javax.persistence.GeneratedValue; +import javax.persistence.GenerationType; +import javax.persistence.Id; +import javax.persistence.Table; +import javax.persistence.Temporal; +import javax.persistence.TemporalType; + +import com.cloud.utils.db.GenericDao; +import org.apache.cloudstack.api.InternalIdentity; + +@Entity +@Table(name="op_nwgrp_work") +public class SecurityGroupWorkVO implements SecurityGroupWork, InternalIdentity { + + + @Id + @GeneratedValue(strategy=GenerationType.IDENTITY) + @Column(name="id") + private Long id; + + @Column(name="instance_id", updatable=false, nullable=false) + private Long instanceId; // vm_instance id + + + @Column(name="mgmt_server_id", nullable=true) + private Long serverId; + + @Column(name=GenericDao.CREATED_COLUMN) + private Date created; + + + @Column(name="step", nullable = false) + @Enumerated(value=EnumType.STRING) + private Step step; + + @Column(name="taken", nullable=true) + @Temporal(value=TemporalType.TIMESTAMP) + private Date dateTaken; + + @Column(name="seq_no", nullable=true) + private Long logsequenceNumber = null; + + + protected SecurityGroupWorkVO() { + } + + public long getId() { + return id; + } + + public Long getInstanceId() { + return instanceId; + } + + + public Long getServerId() { + return serverId; + } + + + public void setServerId(final Long serverId) { + this.serverId = serverId; + } + + public Date getCreated() { + return created; + } + + + + public SecurityGroupWorkVO(Long instanceId, Long serverId, Date created, + Step step, Date dateTaken) { + super(); + this.instanceId = instanceId; + this.serverId = serverId; + this.created = created; + this.step = step; + this.dateTaken = dateTaken; + } + + @Override + public String toString() { + return new StringBuilder("[NWGrp-Work:id=").append(id).append(":vm=").append(instanceId).append("]").toString(); + } + + public Date getDateTaken() { + return dateTaken; + } + + public void setStep(Step step) { + this.step = step; + } + + public Step getStep() { + return step; + } + + public void setDateTaken(Date date) { + dateTaken = date; + } + + public Long getLogsequenceNumber() { + return logsequenceNumber; + } + + @Override + public void setLogsequenceNumber(Long logsequenceNumber) { + this.logsequenceNumber = logsequenceNumber; + } + +} http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c11dbad9/engine/schema/src/com/cloud/network/security/VmRulesetLogVO.java ---------------------------------------------------------------------- diff --git a/engine/schema/src/com/cloud/network/security/VmRulesetLogVO.java b/engine/schema/src/com/cloud/network/security/VmRulesetLogVO.java new file mode 100644 index 0000000..2090ce3 --- /dev/null +++ b/engine/schema/src/com/cloud/network/security/VmRulesetLogVO.java @@ -0,0 +1,81 @@ +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. +package com.cloud.network.security; + +import java.util.Date; + +import javax.persistence.Column; +import javax.persistence.Entity; +import javax.persistence.GeneratedValue; +import javax.persistence.GenerationType; +import javax.persistence.Id; +import javax.persistence.Table; + +import com.cloud.utils.db.GenericDao; +import org.apache.cloudstack.api.InternalIdentity; + +/** + * Records the intent to update a VM's ingress ruleset + * + */ +@Entity +@Table(name="op_vm_ruleset_log") +public class VmRulesetLogVO implements InternalIdentity { + @Id + @GeneratedValue(strategy=GenerationType.IDENTITY) + @Column(name="id") + private Long id; + + @Column(name="instance_id", updatable=false, nullable=false) + private Long instanceId; // vm_instance id + + @Column(name=GenericDao.CREATED_COLUMN) + private Date created; + + @Column(name="logsequence") + long logsequence; + + protected VmRulesetLogVO() { + + } + + public VmRulesetLogVO(Long instanceId) { + super(); + this.instanceId = instanceId; + } + + public long getId() { + return id; + } + + public Long getInstanceId() { + return instanceId; + } + + public Date getCreated() { + return created; + } + + public long getLogsequence() { + return logsequence; + } + + public void incrLogsequence() { + logsequence++; + } + +} http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c11dbad9/engine/schema/src/com/cloud/network/security/dao/SecurityGroupDao.java ---------------------------------------------------------------------- diff --git a/engine/schema/src/com/cloud/network/security/dao/SecurityGroupDao.java b/engine/schema/src/com/cloud/network/security/dao/SecurityGroupDao.java new file mode 100644 index 0000000..482e13c --- /dev/null +++ b/engine/schema/src/com/cloud/network/security/dao/SecurityGroupDao.java @@ -0,0 +1,30 @@ +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. +package com.cloud.network.security.dao; + +import java.util.List; + +import com.cloud.network.security.SecurityGroupVO; +import com.cloud.utils.db.GenericDao; + +public interface SecurityGroupDao extends GenericDao { + List listByAccountId(long accountId); + boolean isNameInUse(Long accountId, Long domainId, String name); + SecurityGroupVO findByAccountAndName(Long accountId, String name); + List findByAccountAndNames(Long accountId, String... names); + int removeByAccountId(long accountId); +} http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c11dbad9/engine/schema/src/com/cloud/network/security/dao/SecurityGroupDaoImpl.java ---------------------------------------------------------------------- diff --git a/engine/schema/src/com/cloud/network/security/dao/SecurityGroupDaoImpl.java b/engine/schema/src/com/cloud/network/security/dao/SecurityGroupDaoImpl.java new file mode 100644 index 0000000..d82cc4a --- /dev/null +++ b/engine/schema/src/com/cloud/network/security/dao/SecurityGroupDaoImpl.java @@ -0,0 +1,136 @@ +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. +package com.cloud.network.security.dao; + +import java.util.List; + +import javax.ejb.Local; +import javax.inject.Inject; + +import org.springframework.stereotype.Component; + +import com.cloud.network.security.SecurityGroupVO; +import com.cloud.server.ResourceTag.TaggedResourceType; +import com.cloud.tags.dao.ResourceTagDao; +import com.cloud.tags.dao.ResourceTagsDaoImpl; + +import com.cloud.utils.db.DB; +import com.cloud.utils.db.GenericDaoBase; +import com.cloud.utils.db.SearchBuilder; +import com.cloud.utils.db.SearchCriteria; +import com.cloud.utils.db.Transaction; + +@Component +@Local(value={SecurityGroupDao.class}) +public class SecurityGroupDaoImpl extends GenericDaoBase implements SecurityGroupDao { + private SearchBuilder AccountIdSearch; + private SearchBuilder AccountIdNameSearch; + private SearchBuilder AccountIdNamesSearch; + @Inject ResourceTagDao _tagsDao; + + + protected SecurityGroupDaoImpl() { + AccountIdSearch = createSearchBuilder(); + AccountIdSearch.and("accountId", AccountIdSearch.entity().getAccountId(), SearchCriteria.Op.EQ); + AccountIdSearch.done(); + + AccountIdNameSearch = createSearchBuilder(); + AccountIdNameSearch.and("accountId", AccountIdNameSearch.entity().getAccountId(), SearchCriteria.Op.EQ); + AccountIdNameSearch.and("name", AccountIdNameSearch.entity().getName(), SearchCriteria.Op.EQ); + + AccountIdNamesSearch = createSearchBuilder(); + AccountIdNamesSearch.and("accountId", AccountIdNamesSearch.entity().getAccountId(), SearchCriteria.Op.EQ); + AccountIdNamesSearch.and("groupNames", AccountIdNamesSearch.entity().getName(), SearchCriteria.Op.IN); + AccountIdNameSearch.done(); + } + + @Override + public List listByAccountId(long accountId) { + SearchCriteria sc = AccountIdSearch.create(); + sc.setParameters("accountId", accountId); + return listBy(sc); + } + + @Override + public boolean isNameInUse(Long accountId, Long domainId, String name) { + SearchCriteria sc = createSearchCriteria(); + sc.addAnd("name", SearchCriteria.Op.EQ, name); + if (accountId != null) { + sc.addAnd("accountId", SearchCriteria.Op.EQ, accountId); + } else { + sc.addAnd("domainId", SearchCriteria.Op.EQ, domainId); + sc.addAnd("accountId", SearchCriteria.Op.NULL); + } + + List securityGroups = listBy(sc); + return ((securityGroups != null) && !securityGroups.isEmpty()); + } + + @Override + public SecurityGroupVO findByAccountAndName(Long accountId, String name) { + SearchCriteria sc = AccountIdNameSearch.create(); + sc.setParameters("accountId", accountId); + sc.setParameters("name", name); + + return findOneIncludingRemovedBy(sc); + } + + @Override + public List findByAccountAndNames(Long accountId, String... names) { + SearchCriteria sc = AccountIdNamesSearch.create(); + sc.setParameters("accountId", accountId); + + sc.setParameters("groupNames", (Object [])names); + + return listBy(sc); + } + @Override + public int removeByAccountId(long accountId) { + SearchCriteria sc = AccountIdSearch.create(); + sc.setParameters("accountId", accountId); + return expunge(sc); + } + + + @Override + @DB + public boolean remove(Long id) { + Transaction txn = Transaction.currentTxn(); + txn.start(); + SecurityGroupVO entry = findById(id); + if (entry != null) { + _tagsDao.removeByIdAndType(id, TaggedResourceType.SecurityGroup); + } + boolean result = super.remove(id); + txn.commit(); + return result; + } + + @Override + @DB + public boolean expunge(Long id) { + Transaction txn = Transaction.currentTxn(); + txn.start(); + SecurityGroupVO entry = findById(id); + if (entry != null) { + _tagsDao.removeByIdAndType(id, TaggedResourceType.SecurityGroup); + } + boolean result = super.expunge(id); + txn.commit(); + return result; + } +} http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c11dbad9/engine/schema/src/com/cloud/network/security/dao/SecurityGroupRuleDao.java ---------------------------------------------------------------------- diff --git a/engine/schema/src/com/cloud/network/security/dao/SecurityGroupRuleDao.java b/engine/schema/src/com/cloud/network/security/dao/SecurityGroupRuleDao.java new file mode 100644 index 0000000..4668aa4 --- /dev/null +++ b/engine/schema/src/com/cloud/network/security/dao/SecurityGroupRuleDao.java @@ -0,0 +1,35 @@ +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. +package com.cloud.network.security.dao; + +import java.util.List; + +import com.cloud.network.security.SecurityGroupRuleVO; +import com.cloud.network.security.SecurityRule.SecurityRuleType; +import com.cloud.utils.db.GenericDao; + +public interface SecurityGroupRuleDao extends GenericDao { + List listBySecurityGroupId(long securityGroupId, SecurityRuleType type); + List listByAllowedSecurityGroupId(long networkGroupId); + SecurityGroupRuleVO findByProtoPortsAndCidr(long networkGroupId, String proto, int startPort, int endPort, String cidr); + SecurityGroupRuleVO findByProtoPortsAndGroup(String proto, int startPort, int endPort, String networkGroup); + SecurityGroupRuleVO findByProtoPortsAndAllowedGroupId(long networkGroupId, String proto, int startPort, int endPort, Long allowedGroupId); + int deleteBySecurityGroup(long securityGroupId); + int deleteByPortProtoAndGroup(long securityGroupId, String protocol, int startPort,int endPort, Long id); + int deleteByPortProtoAndCidr(long securityGroupId, String protocol, int startPort,int endPort, String cidr); + +} http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c11dbad9/engine/schema/src/com/cloud/network/security/dao/SecurityGroupRuleDaoImpl.java ---------------------------------------------------------------------- diff --git a/engine/schema/src/com/cloud/network/security/dao/SecurityGroupRuleDaoImpl.java b/engine/schema/src/com/cloud/network/security/dao/SecurityGroupRuleDaoImpl.java new file mode 100644 index 0000000..346ed26 --- /dev/null +++ b/engine/schema/src/com/cloud/network/security/dao/SecurityGroupRuleDaoImpl.java @@ -0,0 +1,176 @@ +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. +package com.cloud.network.security.dao; + +import java.util.List; +import java.util.Map; + +import javax.ejb.Local; +import javax.inject.Inject; +import javax.naming.ConfigurationException; + +import org.springframework.stereotype.Component; + +import com.cloud.network.security.SecurityGroupRuleVO; +import com.cloud.network.security.SecurityGroupVO; +import com.cloud.network.security.SecurityRule.SecurityRuleType; +import com.cloud.utils.db.GenericDaoBase; +import com.cloud.utils.db.JoinBuilder; +import com.cloud.utils.db.SearchBuilder; +import com.cloud.utils.db.SearchCriteria; + +@Component +@Local(value={SecurityGroupRuleDao.class}) +public class SecurityGroupRuleDaoImpl extends GenericDaoBase implements SecurityGroupRuleDao { + + @Inject SecurityGroupDao _securityGroupDao; + + protected SearchBuilder securityGroupIdSearch; + protected SearchBuilder securityGroupIdAndTypeSearch; + protected SearchBuilder allowedSecurityGroupIdSearch; + protected SearchBuilder protoPortsAndCidrSearch; + protected SearchBuilder protoPortsAndSecurityGroupNameSearch; + protected SearchBuilder protoPortsAndSecurityGroupIdSearch; + + + + protected SecurityGroupRuleDaoImpl() { + securityGroupIdSearch = createSearchBuilder(); + securityGroupIdSearch.and("securityGroupId", securityGroupIdSearch.entity().getSecurityGroupId(), SearchCriteria.Op.EQ); + securityGroupIdSearch.done(); + + securityGroupIdAndTypeSearch = createSearchBuilder(); + securityGroupIdAndTypeSearch.and("securityGroupId", securityGroupIdAndTypeSearch.entity().getSecurityGroupId(), SearchCriteria.Op.EQ); + securityGroupIdAndTypeSearch.and("type", securityGroupIdAndTypeSearch.entity().getType(), SearchCriteria.Op.EQ); + securityGroupIdAndTypeSearch.done(); + + allowedSecurityGroupIdSearch = createSearchBuilder(); + allowedSecurityGroupIdSearch.and("allowedNetworkId", allowedSecurityGroupIdSearch.entity().getAllowedNetworkId(), SearchCriteria.Op.EQ); + allowedSecurityGroupIdSearch.done(); + + protoPortsAndCidrSearch = createSearchBuilder(); + protoPortsAndCidrSearch.and("securityGroupId", protoPortsAndCidrSearch.entity().getSecurityGroupId(), SearchCriteria.Op.EQ); + protoPortsAndCidrSearch.and("proto", protoPortsAndCidrSearch.entity().getProtocol(), SearchCriteria.Op.EQ); + protoPortsAndCidrSearch.and("startPort", protoPortsAndCidrSearch.entity().getStartPort(), SearchCriteria.Op.EQ); + protoPortsAndCidrSearch.and("endPort", protoPortsAndCidrSearch.entity().getEndPort(), SearchCriteria.Op.EQ); + protoPortsAndCidrSearch.and("cidr", protoPortsAndCidrSearch.entity().getAllowedSourceIpCidr(), SearchCriteria.Op.EQ); + protoPortsAndCidrSearch.done(); + + protoPortsAndSecurityGroupIdSearch = createSearchBuilder(); + protoPortsAndSecurityGroupIdSearch.and("securityGroupId", protoPortsAndSecurityGroupIdSearch.entity().getSecurityGroupId(), SearchCriteria.Op.EQ); + protoPortsAndSecurityGroupIdSearch.and("proto", protoPortsAndSecurityGroupIdSearch.entity().getProtocol(), SearchCriteria.Op.EQ); + protoPortsAndSecurityGroupIdSearch.and("startPort", protoPortsAndSecurityGroupIdSearch.entity().getStartPort(), SearchCriteria.Op.EQ); + protoPortsAndSecurityGroupIdSearch.and("endPort", protoPortsAndSecurityGroupIdSearch.entity().getEndPort(), SearchCriteria.Op.EQ); + protoPortsAndSecurityGroupIdSearch.and("allowedNetworkId", protoPortsAndSecurityGroupIdSearch.entity().getAllowedNetworkId(), SearchCriteria.Op.EQ); + + } + + public List listBySecurityGroupId(long securityGroupId, SecurityRuleType type) { + SearchCriteria sc = securityGroupIdAndTypeSearch.create(); + sc.setParameters("securityGroupId", securityGroupId); + String dbType; + if (type == SecurityRuleType.EgressRule) { + dbType = SecurityRuleType.EgressRule.getType(); + }else { + dbType = SecurityRuleType.IngressRule.getType(); + } + + sc.setParameters("type", dbType); + return listBy(sc); + } + + public int deleteBySecurityGroup(long securityGroupId) { + SearchCriteria sc = securityGroupIdSearch.create(); + sc.setParameters("securityGroupId", securityGroupId); + return expunge(sc); + } + + @Override + public List listByAllowedSecurityGroupId(long securityGroupId) { + SearchCriteria sc = allowedSecurityGroupIdSearch.create(); + sc.setParameters("allowedNetworkId", securityGroupId); + return listBy(sc); + } + + @Override + public SecurityGroupRuleVO findByProtoPortsAndCidr(long securityGroupId, + String proto, int startPort, int endPort, String cidr) { + SearchCriteria sc = protoPortsAndCidrSearch.create(); + sc.setParameters("securityGroupId", securityGroupId); + sc.setParameters("proto", proto); + sc.setParameters("startPort", startPort); + sc.setParameters("endPort", endPort); + sc.setParameters("cidr", cidr); + return findOneIncludingRemovedBy(sc); + } + + @Override + public SecurityGroupRuleVO findByProtoPortsAndGroup(String proto, int startPort, int endPort, String securityGroup) { + SearchCriteria sc = protoPortsAndSecurityGroupNameSearch.create(); + sc.setParameters("proto", proto); + sc.setParameters("startPort", startPort); + sc.setParameters("endPort", endPort); + sc.setJoinParameters("groupName", "groupName", securityGroup); + return findOneIncludingRemovedBy(sc); + } + + @Override + public boolean configure(String name, Map params) throws ConfigurationException { + protoPortsAndSecurityGroupNameSearch = createSearchBuilder(); + protoPortsAndSecurityGroupNameSearch.and("proto", protoPortsAndSecurityGroupNameSearch.entity().getProtocol(), SearchCriteria.Op.EQ); + protoPortsAndSecurityGroupNameSearch.and("startPort", protoPortsAndSecurityGroupNameSearch.entity().getStartPort(), SearchCriteria.Op.EQ); + protoPortsAndSecurityGroupNameSearch.and("endPort", protoPortsAndSecurityGroupNameSearch.entity().getEndPort(), SearchCriteria.Op.EQ); + SearchBuilder ngSb = _securityGroupDao.createSearchBuilder(); + ngSb.and("groupName", ngSb.entity().getName(), SearchCriteria.Op.EQ); + protoPortsAndSecurityGroupNameSearch.join("groupName", ngSb, protoPortsAndSecurityGroupNameSearch.entity().getAllowedNetworkId(), ngSb.entity().getId(), JoinBuilder.JoinType.INNER); + protoPortsAndSecurityGroupNameSearch.done(); + return super.configure(name, params); + } + + @Override + public int deleteByPortProtoAndGroup(long securityGroupId, String protocol, int startPort, int endPort, Long allowedGroupId) { + SearchCriteria sc = protoPortsAndSecurityGroupIdSearch.create(); + sc.setParameters("securityGroupId", securityGroupId); + sc.setParameters("proto", protocol); + sc.setParameters("startPort", startPort); + sc.setParameters("endPort", endPort); + sc.setParameters("allowedNetworkId", allowedGroupId); + return expunge(sc); + } + + @Override + public int deleteByPortProtoAndCidr(long securityGroupId, String protocol, int startPort, int endPort, String cidr) { + SearchCriteria sc = protoPortsAndCidrSearch.create(); + sc.setParameters("securityGroupId", securityGroupId); + sc.setParameters("proto", protocol); + sc.setParameters("startPort", startPort); + sc.setParameters("endPort", endPort); + sc.setParameters("cidr", cidr); + return expunge(sc); + } + + @Override + public SecurityGroupRuleVO findByProtoPortsAndAllowedGroupId(long securityGroupId, String proto, int startPort, int endPort, Long allowedGroupId) { + SearchCriteria sc = protoPortsAndSecurityGroupIdSearch.create(); + sc.addAnd("securityGroupId", SearchCriteria.Op.EQ, securityGroupId); + sc.setParameters("proto", proto); + sc.setParameters("startPort", startPort); + sc.setParameters("endPort", endPort); + sc.setParameters("allowedNetworkId", allowedGroupId); + return findOneIncludingRemovedBy(sc); + } +} http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c11dbad9/engine/schema/src/com/cloud/network/security/dao/SecurityGroupRulesDao.java ---------------------------------------------------------------------- diff --git a/engine/schema/src/com/cloud/network/security/dao/SecurityGroupRulesDao.java b/engine/schema/src/com/cloud/network/security/dao/SecurityGroupRulesDao.java new file mode 100644 index 0000000..b97662c --- /dev/null +++ b/engine/schema/src/com/cloud/network/security/dao/SecurityGroupRulesDao.java @@ -0,0 +1,48 @@ +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. +package com.cloud.network.security.dao; + +import java.util.List; + +import com.cloud.network.security.SecurityGroupRulesVO; +import com.cloud.utils.db.GenericDao; + +public interface SecurityGroupRulesDao extends GenericDao { + /** + * List a security group and associated ingress rules + * @return the list of ingress rules associated with the security group (and security group info) + */ + List listSecurityGroupRules(long accountId, String groupName); + + /** + * List security groups and associated ingress rules + * @return the list of security groups with associated ingress rules + */ + List listSecurityGroupRules(long accountId); + + /** + * List all security groups and associated ingress rules + * @return the list of security groups with associated ingress rules + */ + List listSecurityGroupRules(); + + /** + * List all security rules belonging to the specific group + * @return the security group with associated ingress rules + */ + List listSecurityRulesByGroupId(long groupId); +} http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c11dbad9/engine/schema/src/com/cloud/network/security/dao/SecurityGroupRulesDaoImpl.java ---------------------------------------------------------------------- diff --git a/engine/schema/src/com/cloud/network/security/dao/SecurityGroupRulesDaoImpl.java b/engine/schema/src/com/cloud/network/security/dao/SecurityGroupRulesDaoImpl.java new file mode 100644 index 0000000..18ef57f --- /dev/null +++ b/engine/schema/src/com/cloud/network/security/dao/SecurityGroupRulesDaoImpl.java @@ -0,0 +1,96 @@ +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. +package com.cloud.network.security.dao; + +import java.util.List; + +import javax.ejb.Local; + +import org.springframework.stereotype.Component; + +import com.cloud.network.security.SecurityGroupRulesVO; +import com.cloud.utils.db.Filter; +import com.cloud.utils.db.GenericDaoBase; +import com.cloud.utils.db.SearchBuilder; +import com.cloud.utils.db.SearchCriteria; + +@Component +@Local(value={SecurityGroupRulesDao.class}) +public class SecurityGroupRulesDaoImpl extends GenericDaoBase implements SecurityGroupRulesDao { + private SearchBuilder AccountGroupNameSearch; + private SearchBuilder AccountSearch; + private SearchBuilder GroupSearch; + + + protected SecurityGroupRulesDaoImpl() { + AccountGroupNameSearch = createSearchBuilder(); + AccountGroupNameSearch.and("accountId", AccountGroupNameSearch.entity().getAccountId(), SearchCriteria.Op.EQ); + AccountGroupNameSearch.and("name", AccountGroupNameSearch.entity().getName(), SearchCriteria.Op.EQ); + AccountGroupNameSearch.done(); + + AccountSearch = createSearchBuilder(); + AccountSearch.and("accountId", AccountSearch.entity().getAccountId(), SearchCriteria.Op.EQ); + AccountSearch.done(); + + GroupSearch = createSearchBuilder(); + GroupSearch.and("groupId", GroupSearch.entity().getId(), SearchCriteria.Op.EQ); + GroupSearch.done(); + + } + + @Override + public List listSecurityGroupRules() { + Filter searchFilter = new Filter(SecurityGroupRulesVO.class, "id", true, null, null); + return listAll(searchFilter); + } + + @Override + public List listSecurityGroupRules(long accountId, String groupName) { + Filter searchFilter = new Filter(SecurityGroupRulesVO.class, "id", true, null, null); + + SearchCriteria sc = AccountGroupNameSearch.create(); + sc.setParameters("accountId", accountId); + sc.setParameters("name", groupName); + + return listBy(sc, searchFilter); + } + + @Override + public List listSecurityGroupRules(long accountId) { + Filter searchFilter = new Filter(SecurityGroupRulesVO.class, "id", true, null, null); + SearchCriteria sc = AccountSearch.create(); + sc.setParameters("accountId", accountId); + return listBy(sc, searchFilter); + } + + @Override + public List listSecurityRulesByGroupId(long groupId) { + Filter searchFilter = new Filter(SecurityGroupRulesVO.class, "id", true, null, null); + SearchCriteria sc = GroupSearch.create(); + sc.setParameters("groupId", groupId); + return listBy(sc, searchFilter); + } + + @Override + public SecurityGroupRulesVO findByUuidIncludingRemoved(final String uuid) { + SearchCriteria sc = createSearchCriteria(); + sc.addAnd("ruleUuid", SearchCriteria.Op.EQ, uuid); + SecurityGroupRulesVO rule = findOneIncludingRemovedBy(sc); + SecurityGroupRulesVO newRule = new SecurityGroupRulesVO(rule.getRuleId()); + return newRule; + } +} http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c11dbad9/engine/schema/src/com/cloud/network/security/dao/SecurityGroupVMMapDao.java ---------------------------------------------------------------------- diff --git a/engine/schema/src/com/cloud/network/security/dao/SecurityGroupVMMapDao.java b/engine/schema/src/com/cloud/network/security/dao/SecurityGroupVMMapDao.java new file mode 100644 index 0000000..cbeae4f --- /dev/null +++ b/engine/schema/src/com/cloud/network/security/dao/SecurityGroupVMMapDao.java @@ -0,0 +1,38 @@ +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. +package com.cloud.network.security.dao; + +import java.util.List; + +import com.cloud.network.security.SecurityGroupVMMapVO; +import com.cloud.utils.Pair; +import com.cloud.utils.db.Filter; +import com.cloud.utils.db.GenericDao; +import com.cloud.vm.VirtualMachine.State; + +public interface SecurityGroupVMMapDao extends GenericDao { + List listByIpAndInstanceId(String ipAddress, long instanceId); + List listByInstanceId(long instanceId); + Pair, Integer> listByInstanceId(long instanceId, Filter filter); + List listByIp(String ipAddress); + List listBySecurityGroup(long securityGroupId); + List listBySecurityGroup(long securityGroupId, State ... vmStates); + int deleteVM(long instanceid); + List listVmIdsBySecurityGroup(long securityGroupId); + SecurityGroupVMMapVO findByVmIdGroupId(long instanceId, long securityGroupId); + long countSGForVm(long instanceId); +} http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c11dbad9/engine/schema/src/com/cloud/network/security/dao/SecurityGroupVMMapDaoImpl.java ---------------------------------------------------------------------- diff --git a/engine/schema/src/com/cloud/network/security/dao/SecurityGroupVMMapDaoImpl.java b/engine/schema/src/com/cloud/network/security/dao/SecurityGroupVMMapDaoImpl.java new file mode 100644 index 0000000..46135d1 --- /dev/null +++ b/engine/schema/src/com/cloud/network/security/dao/SecurityGroupVMMapDaoImpl.java @@ -0,0 +1,166 @@ +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. +package com.cloud.network.security.dao; + +import java.util.List; + +import javax.ejb.Local; + +import org.springframework.stereotype.Component; + +import com.cloud.dc.VlanVO; +import com.cloud.dc.Vlan.VlanType; +import com.cloud.network.dao.IPAddressVO; +import com.cloud.network.security.SecurityGroupVMMapVO; +import com.cloud.utils.Pair; +import com.cloud.utils.db.Filter; +import com.cloud.utils.db.GenericDaoBase; +import com.cloud.utils.db.GenericSearchBuilder; +import com.cloud.utils.db.JoinBuilder; +import com.cloud.utils.db.SearchBuilder; +import com.cloud.utils.db.SearchCriteria; +import com.cloud.utils.db.SearchCriteria.Func; +import com.cloud.utils.db.SearchCriteria.Op; +import com.cloud.vm.VirtualMachine.State; + +@Component +@Local(value={SecurityGroupVMMapDao.class}) +public class SecurityGroupVMMapDaoImpl extends GenericDaoBase implements SecurityGroupVMMapDao { + private SearchBuilder ListByIpAndVmId; + private SearchBuilder ListByVmId; + private SearchBuilder ListByVmIdGroupId; + protected GenericSearchBuilder CountSGForVm; + + private GenericSearchBuilder ListVmIdBySecurityGroup; + + private SearchBuilder ListByIp; + private SearchBuilder ListBySecurityGroup; + private SearchBuilder ListBySecurityGroupAndStates; + + protected SecurityGroupVMMapDaoImpl() { + ListByIpAndVmId = createSearchBuilder(); + ListByIpAndVmId.and("ipAddress", ListByIpAndVmId.entity().getGuestIpAddress(), SearchCriteria.Op.EQ); + ListByIpAndVmId.and("instanceId", ListByIpAndVmId.entity().getInstanceId(), SearchCriteria.Op.EQ); + ListByIpAndVmId.done(); + + ListVmIdBySecurityGroup = createSearchBuilder(Long.class); + ListVmIdBySecurityGroup.and("securityGroupId", ListVmIdBySecurityGroup.entity().getSecurityGroupId(), SearchCriteria.Op.EQ); + ListVmIdBySecurityGroup.selectField(ListVmIdBySecurityGroup.entity().getInstanceId()); + ListVmIdBySecurityGroup.done(); + + ListBySecurityGroup = createSearchBuilder(); + ListBySecurityGroup.and("securityGroupId", ListBySecurityGroup.entity().getSecurityGroupId(), SearchCriteria.Op.EQ); + ListBySecurityGroup.done(); + + ListByIp = createSearchBuilder(); + ListByIp.and("ipAddress", ListByIp.entity().getGuestIpAddress(), SearchCriteria.Op.EQ); + ListByIp.done(); + + ListByVmId = createSearchBuilder(); + ListByVmId.and("instanceId", ListByVmId.entity().getInstanceId(), SearchCriteria.Op.EQ); + ListByVmId.done(); + + ListBySecurityGroupAndStates = createSearchBuilder(); + ListBySecurityGroupAndStates.and("securityGroupId", ListBySecurityGroupAndStates.entity().getSecurityGroupId(), SearchCriteria.Op.EQ); + ListBySecurityGroupAndStates.and("states", ListBySecurityGroupAndStates.entity().getVmState(), SearchCriteria.Op.IN); + ListBySecurityGroupAndStates.done(); + + ListByVmIdGroupId = createSearchBuilder(); + ListByVmIdGroupId.and("instanceId", ListByVmIdGroupId.entity().getInstanceId(), SearchCriteria.Op.EQ); + ListByVmIdGroupId.and("securityGroupId", ListByVmIdGroupId.entity().getSecurityGroupId(), SearchCriteria.Op.EQ); + ListByVmIdGroupId.done(); + + CountSGForVm = createSearchBuilder(Long.class); + CountSGForVm.select(null, Func.COUNT, null); + CountSGForVm.and("vmId", CountSGForVm.entity().getInstanceId(), SearchCriteria.Op.EQ); + CountSGForVm.done(); + } + + @Override + public List listByIpAndInstanceId(String ipAddress, long vmId) { + SearchCriteria sc = ListByIpAndVmId.create(); + sc.setParameters("ipAddress", ipAddress); + sc.setParameters("instanceId", vmId); + return listBy(sc); + } + + @Override + public List listBySecurityGroup(long securityGroupId) { + SearchCriteria sc = ListBySecurityGroup.create(); + sc.setParameters("securityGroupId", securityGroupId); + return listBy(sc); + } + + @Override + public List listByIp(String ipAddress) { + SearchCriteria sc = ListByIp.create(); + sc.setParameters("ipAddress", ipAddress); + return listBy(sc); + } + + @Override + public List listByInstanceId(long vmId) { + SearchCriteria sc = ListByVmId.create(); + sc.setParameters("instanceId", vmId); + return listBy(sc); + } + + @Override + public Pair, Integer> listByInstanceId(long instanceId, Filter filter) { + SearchCriteria sc = ListByVmId.create(); + sc.setParameters("instanceId", instanceId); + return this.searchAndCount(sc, filter); + } + + @Override + public int deleteVM(long instanceId) { + SearchCriteria sc = ListByVmId.create(); + sc.setParameters("instanceId", instanceId); + return super.expunge(sc); + } + + @Override + public List listBySecurityGroup(long securityGroupId, State... vmStates) { + SearchCriteria sc = ListBySecurityGroupAndStates.create(); + sc.setParameters("securityGroupId", securityGroupId); + sc.setParameters("states", (Object[])vmStates); + return listBy(sc, null, true); + } + + @Override + public List listVmIdsBySecurityGroup(long securityGroupId) { + SearchCriteria sc = ListVmIdBySecurityGroup.create(); + sc.setParameters("securityGroupId", securityGroupId); + return customSearchIncludingRemoved(sc, null); + } + + @Override + public SecurityGroupVMMapVO findByVmIdGroupId(long instanceId, long securityGroupId) { + SearchCriteria sc = ListByVmIdGroupId.create(); + sc.setParameters("securityGroupId", securityGroupId); + sc.setParameters("instanceId", instanceId); + return findOneIncludingRemovedBy(sc); + } + + @Override + public long countSGForVm(long instanceId) { + SearchCriteria sc = CountSGForVm.create(); + sc.setParameters("vmId", instanceId); + return customSearch(sc, null).get(0); + } + +} http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c11dbad9/engine/schema/src/com/cloud/network/security/dao/SecurityGroupWorkDao.java ---------------------------------------------------------------------- diff --git a/engine/schema/src/com/cloud/network/security/dao/SecurityGroupWorkDao.java b/engine/schema/src/com/cloud/network/security/dao/SecurityGroupWorkDao.java new file mode 100644 index 0000000..e6b4b88 --- /dev/null +++ b/engine/schema/src/com/cloud/network/security/dao/SecurityGroupWorkDao.java @@ -0,0 +1,49 @@ +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. +package com.cloud.network.security.dao; + +import java.util.Date; +import java.util.List; + +import com.cloud.network.security.SecurityGroupWork; +import com.cloud.network.security.SecurityGroupWorkVO; +import com.cloud.network.security.SecurityGroupWork.Step; +import com.cloud.utils.db.GenericDao; + +public interface SecurityGroupWorkDao extends GenericDao { + SecurityGroupWork findByVmId(long vmId, boolean taken); + + SecurityGroupWorkVO findByVmIdStep(long vmId, Step step); + + + SecurityGroupWorkVO take(long serverId); + + void updateStep(Long vmId, Long logSequenceNumber, Step done); + + void updateStep(Long workId, Step done); + + int deleteFinishedWork(Date timeBefore); + + List findUnfinishedWork(Date timeBefore); + + List findAndCleanupUnfinishedWork(Date timeBefore); + + + List findScheduledWork(); + + +} http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c11dbad9/engine/schema/src/com/cloud/network/security/dao/SecurityGroupWorkDaoImpl.java ---------------------------------------------------------------------- diff --git a/engine/schema/src/com/cloud/network/security/dao/SecurityGroupWorkDaoImpl.java b/engine/schema/src/com/cloud/network/security/dao/SecurityGroupWorkDaoImpl.java new file mode 100644 index 0000000..3154ffe --- /dev/null +++ b/engine/schema/src/com/cloud/network/security/dao/SecurityGroupWorkDaoImpl.java @@ -0,0 +1,241 @@ +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. +package com.cloud.network.security.dao; + +import java.util.Date; +import java.util.List; + +import javax.ejb.Local; + +import org.apache.log4j.Logger; +import org.springframework.stereotype.Component; + +import com.cloud.network.security.SecurityGroupWork; +import com.cloud.network.security.SecurityGroupWork.Step; +import com.cloud.network.security.SecurityGroupWorkVO; +import com.cloud.utils.db.DB; +import com.cloud.utils.db.Filter; +import com.cloud.utils.db.GenericDaoBase; +import com.cloud.utils.db.SearchBuilder; +import com.cloud.utils.db.SearchCriteria; +import com.cloud.utils.db.SearchCriteria.Op; +import com.cloud.utils.db.Transaction; +import com.cloud.utils.exception.CloudRuntimeException; + +@Component +@Local(value={SecurityGroupWorkDao.class}) +public class SecurityGroupWorkDaoImpl extends GenericDaoBase implements SecurityGroupWorkDao { + private static final Logger s_logger = Logger.getLogger(SecurityGroupWorkDaoImpl.class); + + private final SearchBuilder VmIdTakenSearch; + private final SearchBuilder VmIdSeqNumSearch; + private final SearchBuilder VmIdUnTakenSearch; + private final SearchBuilder UntakenWorkSearch; + private final SearchBuilder VmIdStepSearch; + private final SearchBuilder CleanupSearch; + + + protected SecurityGroupWorkDaoImpl() { + VmIdTakenSearch = createSearchBuilder(); + VmIdTakenSearch.and("vmId", VmIdTakenSearch.entity().getInstanceId(), SearchCriteria.Op.EQ); + VmIdTakenSearch.and("taken", VmIdTakenSearch.entity().getDateTaken(), SearchCriteria.Op.NNULL); + + VmIdTakenSearch.done(); + + VmIdUnTakenSearch = createSearchBuilder(); + VmIdUnTakenSearch.and("vmId", VmIdUnTakenSearch.entity().getInstanceId(), SearchCriteria.Op.EQ); + VmIdUnTakenSearch.and("taken", VmIdUnTakenSearch.entity().getDateTaken(), SearchCriteria.Op.NULL); + + VmIdUnTakenSearch.done(); + + UntakenWorkSearch = createSearchBuilder(); + UntakenWorkSearch.and("server", UntakenWorkSearch.entity().getServerId(), SearchCriteria.Op.NULL); + UntakenWorkSearch.and("taken", UntakenWorkSearch.entity().getDateTaken(), SearchCriteria.Op.NULL); + UntakenWorkSearch.and("step", UntakenWorkSearch.entity().getStep(), SearchCriteria.Op.EQ); + + UntakenWorkSearch.done(); + + VmIdSeqNumSearch = createSearchBuilder(); + VmIdSeqNumSearch.and("vmId", VmIdSeqNumSearch.entity().getInstanceId(), SearchCriteria.Op.EQ); + VmIdSeqNumSearch.and("seqno", VmIdSeqNumSearch.entity().getLogsequenceNumber(), SearchCriteria.Op.EQ); + + VmIdSeqNumSearch.done(); + + VmIdStepSearch = createSearchBuilder(); + VmIdStepSearch.and("vmId", VmIdStepSearch.entity().getInstanceId(), SearchCriteria.Op.EQ); + VmIdStepSearch.and("step", VmIdStepSearch.entity().getStep(), SearchCriteria.Op.EQ); + + VmIdStepSearch.done(); + + CleanupSearch = createSearchBuilder(); + CleanupSearch.and("taken", CleanupSearch.entity().getDateTaken(), Op.LTEQ); + CleanupSearch.and("step", CleanupSearch.entity().getStep(), SearchCriteria.Op.IN); + + CleanupSearch.done(); + + + } + + @Override + public SecurityGroupWork findByVmId(long vmId, boolean taken) { + SearchCriteria sc = taken?VmIdTakenSearch.create():VmIdUnTakenSearch.create(); + sc.setParameters("vmId", vmId); + return findOneIncludingRemovedBy(sc); + } + + @Override + @DB + public SecurityGroupWorkVO take(long serverId) { + final Transaction txn = Transaction.currentTxn(); + try { + final SearchCriteria sc = UntakenWorkSearch.create(); + sc.setParameters("step", Step.Scheduled); + + final Filter filter = new Filter(SecurityGroupWorkVO.class, null, true, 0l, 1l);//FIXME: order desc by update time? + + txn.start(); + final List vos = lockRows(sc, filter, true); + if (vos.size() == 0) { + txn.commit(); + if (s_logger.isTraceEnabled()) { + s_logger.trace("Security Group take: no work found"); + } + return null; + } + SecurityGroupWorkVO work = vos.get(0); + boolean processing = false; + if ( findByVmIdStep(work.getInstanceId(), Step.Processing) != null) { + //ensure that there is no job in Processing state for the same VM + processing = true; + if (s_logger.isTraceEnabled()) { + s_logger.trace("Security Group work take: found a job in Scheduled and Processing vmid=" + work.getInstanceId()); + } + } + work.setServerId(serverId); + work.setDateTaken(new Date()); + if (processing) { + //the caller to take() should check the step and schedule another work item to come back + //and take a look. + work.setStep(SecurityGroupWork.Step.Done); + } else { + work.setStep(SecurityGroupWork.Step.Processing); + } + + update(work.getId(), work); + + txn.commit(); + + return work; + + } catch (final Throwable e) { + throw new CloudRuntimeException("Unable to execute take", e); + } + } + + @Override + @DB + public void updateStep(Long vmId, Long logSequenceNumber, Step step) { + final Transaction txn = Transaction.currentTxn(); + txn.start(); + SearchCriteria sc = VmIdSeqNumSearch.create(); + sc.setParameters("vmId", vmId); + sc.setParameters("seqno", logSequenceNumber); + + final Filter filter = new Filter(SecurityGroupWorkVO.class, null, true, 0l, 1l); + + final List vos = lockRows(sc, filter, true); + if (vos.size() == 0) { + txn.commit(); + return; + } + SecurityGroupWorkVO work = vos.get(0); + work.setStep(step); + update(work.getId(), work); + + txn.commit(); + } + + @Override + public SecurityGroupWorkVO findByVmIdStep(long vmId, Step step) { + SearchCriteria sc = VmIdStepSearch.create(); + sc.setParameters("vmId", vmId); + sc.setParameters("step", step); + return findOneIncludingRemovedBy(sc); + } + + @Override + @DB + public void updateStep(Long workId, Step step) { + final Transaction txn = Transaction.currentTxn(); + txn.start(); + + SecurityGroupWorkVO work = lockRow(workId, true); + if (work == null) { + txn.commit(); + return; + } + work.setStep(step); + update(work.getId(), work); + + txn.commit(); + + } + + @Override + public int deleteFinishedWork(Date timeBefore) { + final SearchCriteria sc = CleanupSearch.create(); + sc.setParameters("taken", timeBefore); + sc.setParameters("step", Step.Done); + + return expunge(sc); + } + + @Override + public List findUnfinishedWork(Date timeBefore) { + final SearchCriteria sc = CleanupSearch.create(); + sc.setParameters("taken", timeBefore); + sc.setParameters("step", Step.Processing); + + List result = listIncludingRemovedBy(sc); + + return result; + } + + @Override + public List findAndCleanupUnfinishedWork(Date timeBefore) { + final SearchCriteria sc = CleanupSearch.create(); + sc.setParameters("taken", timeBefore); + sc.setParameters("step", Step.Processing); + + List result = listIncludingRemovedBy(sc); + + SecurityGroupWorkVO work = createForUpdate(); + work.setStep(Step.Error); + update(work, sc); + + return result; + } + + @Override + public List findScheduledWork() { + final SearchCriteria sc = UntakenWorkSearch.create(); + sc.setParameters("step", Step.Scheduled); + return listIncludingRemovedBy(sc); + } + + +} http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c11dbad9/engine/schema/src/com/cloud/network/security/dao/VmRulesetLogDao.java ---------------------------------------------------------------------- diff --git a/engine/schema/src/com/cloud/network/security/dao/VmRulesetLogDao.java b/engine/schema/src/com/cloud/network/security/dao/VmRulesetLogDao.java new file mode 100644 index 0000000..d5ed4a0 --- /dev/null +++ b/engine/schema/src/com/cloud/network/security/dao/VmRulesetLogDao.java @@ -0,0 +1,29 @@ +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. +package com.cloud.network.security.dao; + +import java.util.Set; + +import com.cloud.network.security.VmRulesetLogVO; +import com.cloud.utils.db.GenericDao; + +public interface VmRulesetLogDao extends GenericDao { + VmRulesetLogVO findByVmId(long vmId); + + int createOrUpdate(Set workItems); + +}